v0.3.0

Security hardening.

• allowed_origins + check_origin() defend against cross-site WebSocket hijacking (CWE-1385)
• on_connect authentication hook invoked before a connection is tracked (CWE-306)
• max_connections defaults to 10,000 (CWE-770)
• max_message_bytes + receive helpers reject oversized frames (CWE-770)
• room_validator enforced for connect(rooms=...) (CWE-862)
• require_room forbids global broadcasts (CWE-200)
• Security-relevant events logged (CWE-778)

v0.2.1 — heartbeat hotfix

Fix: is_alive() now correctly returns False for connections that were never touch()ed. The previous default (last_seen=0) plus small time.monotonic() on a fresh process produced false positives.

v0.2.0 — security hardening

Full OWASP review fixes. See CHANGELOG.md for details.

v0.1.0

Initial release.

ConnectionManager with rooms + broadcasting, optional Redis pub/sub backplane for multi-process fan-out, heartbeat monitor, Depends(get_manager).

Extras: [redis].